generate the same CRL when there is no revoke/unrevoke #100
Comments
I'm reluctant to have Do you think this is something that belongs in r509 or would it be okay to just write a small wrapper that caches and parses your CRL to prevent regeneration in your case?
I understand why you do not want intelligence in generate_crl. Maybe this is not the right place to put this intelligence. But I think that such a behavior should be implemented in r509, because only r509 has a full overview of the certificates' status (access to the Redis DB). We rely heavily on the CRL, since we have about 1500 users and they change quite fast.
Ah I see. Yes, the revoke and unrevoke endpoints in r509-ca-http will generate a new CRL. We could create a "lazy_generate" endpoint on r509-ca-http that would cache the CRL and only generate a new one when it's within <lazy_generate_time> of expiry.
If CRL generation is triggered twice and there was no revoke/unrevoke command, two different CRL files are generated. The only differences are validity and serial.
It would be good to generate a new CRL only on a revoke/unrevoke action or the validity period.
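The caching behaviour discussed in this thread, as an added example that is not r509 or r509-ca-http code: a wrapper that re-signs the CRL only after a real revoke/unrevoke or when the cached CRL is close to expiry. It uses Ruby's standard `openssl` library rather than the r509 API; the class name `LazyCrlCache` and the `validity` and `lazy_window` parameters (the latter standing in for `<lazy_generate_time>`) are assumptions.

```ruby
require "openssl"

# Hypothetical wrapper, not r509 code: hands out the same signed CRL until state changes.
class LazyCrlCache
  attr_reader :crl_number

  def initialize(key, issuer, validity: 3600, lazy_window: 600)
    @key, @issuer = key, issuer
    @validity, @lazy_window = validity, lazy_window # both in seconds
    @revoked = {}      # serial => revocation time
    @crl_number = 0    # bumped only when a CRL is actually signed
    @dirty = true      # forces the first generation
  end

  def revoke(serial, now: Time.now)
    return if @revoked.key?(serial) # repeated request: state unchanged, keep cache
    @revoked[serial] = now
    @dirty = true
  end

  def unrevoke(serial)
    @dirty = true if @revoked.delete(serial) # only a real removal invalidates
  end

  # Returns the cached CRL unless the revocation set changed or expiry is near.
  def crl(now: Time.now)
    near_expiry = @cached && now >= @cached.next_update - @lazy_window
    generate(now) if @dirty || near_expiry
    @cached
  end

  private
  def generate(now)
    crl = OpenSSL::X509::CRL.new
    crl.version = 1 # X.509 CRL v2
    crl.issuer = @issuer
    crl.last_update = now
    crl.next_update = now + @validity
    @revoked.each do |serial, time|
      entry = OpenSSL::X509::Revoked.new
      entry.serial = serial
      entry.time = time
      crl.add_revoked(entry)
    end
    number = OpenSSL::ASN1::Integer.new(@crl_number += 1)
    crl.add_extension(OpenSSL::X509::Extension.new("crlNumber", number))
    crl.sign(@key, OpenSSL::Digest.new("SHA256"))
    @cached, @dirty = crl, false
  end
end
```

Relying parties that fetch the CRL on a schedule then see an unchanged file, CRL number and validity window between revocation events, while `lazy_window` keeps a fresh CRL available before `next_update` passes.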